Merge pull request #4 from openconnectivity/develop

Merge develop into master
openconnectivity · Aug 14, 2019 · 9d07b40 · 9d07b40
2 parents e6ba0bb + 904ec4b
commit 9d07b40
Show file tree

Hide file tree

Showing 36 changed files with 1,617 additions and 63 deletions.
diff --git a/extlibs/iotivity-lite b/extlibs/iotivity-lite
diff --git a/extlibs/patchs/remove_cred_by_credid.patch b/extlibs/patchs/remove_cred_by_credid.patch
@@ -0,0 +1,49 @@
+diff --git a/include/oc_pki.h b/include/oc_pki.h
+index acbab8c..c16b512 100644
+--- a/include/oc_pki.h
++++ b/include/oc_pki.h
+@@ -45,6 +45,9 @@ int oc_pki_add_trust_anchor(size_t device, const unsigned char *cert,
+ void oc_pki_set_security_profile(size_t device,
+                                  oc_sp_types_t supported_profiles,
+                                  oc_sp_types_t current_profile, int mfg_credid);
++
++void oc_pki_remove_credential_by_credid(size_t device, long credid);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/security/oc_pki.c b/security/oc_pki.c
+index a3ecc4f..97e8fb3 100644
+--- a/security/oc_pki.c
++++ b/security/oc_pki.c
+@@ -334,6 +334,16 @@ oc_pki_add_trust_anchor(size_t device, const unsigned char *cert,
+   return pki_add_trust_anchor(device, cert, cert_size, OC_CREDUSAGE_TRUSTCA);
+ }
+
++void
++oc_pki_remove_credential_by_credid(size_t device, long credid)
++{
++  oc_sec_cred_t *cred = oc_sec_get_cred_by_credid(credid, device);
++  if (cred)
++  {
++    oc_sec_remove_cred(cred, device);
++  }
++}
++
+ #else  /* OC_PKI */
+ typedef int dummy_declaration;
+ #endif /* !OC_PKI */
+diff --git a/swig/swig_interfaces/oc_pki.i b/swig/swig_interfaces/oc_pki.i
+index ae654bb..c4bae02 100644
+--- a/swig/swig_interfaces/oc_pki.i
++++ b/swig/swig_interfaces/oc_pki.i
+@@ -32,6 +32,6 @@
+ %rename (addMfgTrustAnchor) oc_pki_add_mfg_trust_anchor;
+ %rename (addTrustAnchor) oc_pki_add_trust_anchor;
+ %rename (setSecurityProfile) oc_pki_set_security_profile;
++%rename (removeCredentialByCredid) oc_pki_remove_credential_by_credid;
+
+-
+-%include "oc_pki.h"
+\ No newline at end of file
++%include "oc_pki.h"
diff --git a/otgc/build.gradle b/otgc/build.gradle
@@ -30,7 +30,7 @@ android {
         minSdkVersion 21
         targetSdkVersion 28
         versionCode 13
-        versionName "2.0.1"
+        versionName "2.0.2"
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 
         compileOptions {

diff --git a/otgc/src/main/AndroidManifest.xml b/otgc/src/main/AndroidManifest.xml
@@ -96,6 +96,11 @@
             android:label="@string/linked_roles_title"
             android:configChanges="orientation|screenSize"
             android:parentActivityName=".view.devicelist.DeviceListActivity" />
+        <activity
+            android:name=".view.trustanchor.TrustAnchorActivity"
+            android:configChanges="orientation|screenSize"
+            android:label="@string/trust_anchor_title"
+            android:parentActivityName=".view.devicelist.DeviceListActivity" />
         <activity
             android:name=".view.logviewer.LogViewerActivity"
             android:configChanges="orientation|screenSize"

diff --git a/otgc/src/main/java/org/openconnectivity/otgc/data/repository/AmsRepository.java b/otgc/src/main/java/org/openconnectivity/otgc/data/repository/AmsRepository.java
@@ -38,6 +38,7 @@
 import org.openconnectivity.otgc.domain.model.resource.secure.acl.OcAceSubjectType;
 import org.openconnectivity.otgc.domain.model.resource.secure.acl.OcAcl;
 import org.openconnectivity.otgc.utils.constant.OcfResourceUri;
+import org.openconnectivity.otgc.utils.constant.OcfWildcard;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -201,7 +202,11 @@ private List<OcAceResource> getResources(List<String> verticalResources) {
         List<OcAceResource> resources = new ArrayList<>();
         for (String verticalResource : verticalResources) {
             OcAceResource res = new OcAceResource();
-            res.setHref(verticalResource);
+            if (OcfWildcard.isWildcard(verticalResource)) {
+                res.setWildCard(verticalResource);
+            } else {
+                res.setHref(verticalResource);
+            }
             /*List<String> types = new ArrayList<>();
             types.add("*");
             res.setResourceTypes(types);

diff --git a/otgc/src/main/java/org/openconnectivity/otgc/data/repository/CmsRepository.java b/otgc/src/main/java/org/openconnectivity/otgc/data/repository/CmsRepository.java
@@ -22,16 +22,7 @@
 
 package org.openconnectivity.otgc.data.repository;
 
-import org.iotivity.CborEncoder;
-import org.iotivity.OCClientResponse;
-import org.iotivity.OCEndpoint;
-import org.iotivity.OCEndpointUtil;
-import org.iotivity.OCMain;
-import org.iotivity.OCQos;
-import org.iotivity.OCResponseHandler;
-import org.iotivity.OCStatus;
-import org.iotivity.OCUuid;
-import org.iotivity.OCUuidUtil;
+import org.iotivity.*;
 import org.openconnectivity.otgc.domain.model.resource.secure.cred.OcCredPrivateData;
 import org.openconnectivity.otgc.domain.model.resource.secure.cred.OcCredPublicData;
 import org.openconnectivity.otgc.domain.model.resource.secure.cred.OcCredRole;
@@ -51,6 +42,7 @@
 import javax.inject.Singleton;
 
 import io.reactivex.Completable;
+import io.reactivex.CompletableSource;
 import io.reactivex.Single;
 import timber.log.Timber;
 
@@ -116,7 +108,7 @@ public Single<OcCsr> retrieveCsr(String endpoint, String deviceId) {
         });
     }
 
-    public Completable provisionIdentityCertificate(String endpoint, String deviceId, String identityCert) {
+    public Completable provisionTrustAnchor(String endpoint, String deviceId, String rootCert) {
         return Completable.create(emitter -> {
             OCEndpoint ep = OCEndpointUtil.newEndpoint();
             OCEndpointUtil.stringToEndpoint(endpoint, ep, new String[1]);
@@ -126,22 +118,22 @@ public Completable provisionIdentityCertificate(String endpoint, String deviceId
             OCResponseHandler handler = (OCClientResponse response) -> {
                 OCStatus code = response.getCode();
                 if (code.equals(OCStatus.OC_STATUS_OK) || code.equals(OCStatus.OC_STATUS_CHANGED)) {
-                    Timber.d("Provision identity certificate succeeded");
+                    Timber.d("Provision root certificate succeeded");
                     emitter.onComplete();
                 } else {
-                    emitter.onError(new IOException("Provision identity certificate error"));
+                    emitter.onError(new IOException("Provision root certificate error"));
                 }
             };
 
             if (OCMain.initPost(OcfResourceUri.CRED_URI, ep, null, handler, OCQos.HIGH_QOS)) {
                 OcCredPublicData publicData = new OcCredPublicData();
-                publicData.setPemData(identityCert);
+                publicData.setPemData(rootCert);
                 publicData.setEncoding(OcfEncoding.OC_ENCODING_PEM);
 
                 OcCredential cred = new OcCredential();
-                cred.setSubjectuuid(deviceId);
+                cred.setSubjectuuid("*");
                 cred.setCredtype(OcfCredType.OC_CREDTYPE_CERT);
-                cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_CERT);
+                cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_TRUSTCA);
                 cred.setPublicData(publicData);
                 List<OcCredential> credList = new ArrayList<>();
                 credList.add(cred);
@@ -167,6 +159,59 @@ public Completable provisionIdentityCertificate(String endpoint, String deviceId
         });
     }
 
+    public Completable provisionIdentityCertificate(String endpoint, String deviceId, String rootCert, String identityCert) {
+        return provisionTrustAnchor(endpoint, deviceId, rootCert)
+                .andThen(
+                    Completable.create(emitter -> {
+                        OCEndpoint ep = OCEndpointUtil.newEndpoint();
+                        OCEndpointUtil.stringToEndpoint(endpoint, ep, new String[1]);
+                        OCUuid di = OCUuidUtil.stringToUuid(deviceId);
+                        OCEndpointUtil.setDi(ep, di);
+
+                        OCResponseHandler handler = (OCClientResponse response) -> {
+                            OCStatus code = response.getCode();
+                            if (code.equals(OCStatus.OC_STATUS_OK) || code.equals(OCStatus.OC_STATUS_CHANGED)) {
+                                Timber.d("Provision identity certificate succeeded");
+                                emitter.onComplete();
+                            } else {
+                                emitter.onError(new IOException("Provision identity certificate error"));
+                            }
+                        };
+
+                        if (OCMain.initPost(OcfResourceUri.CRED_URI, ep, null, handler, OCQos.HIGH_QOS)) {
+                            OcCredPublicData publicData = new OcCredPublicData();
+                            publicData.setPemData(identityCert);
+                            publicData.setEncoding(OcfEncoding.OC_ENCODING_PEM);
+
+                            OcCredential cred = new OcCredential();
+                            cred.setSubjectuuid(deviceId);
+                            cred.setCredtype(OcfCredType.OC_CREDTYPE_CERT);
+                            cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_CERT);
+                            cred.setPublicData(publicData);
+                            List<OcCredential> credList = new ArrayList<>();
+                            credList.add(cred);
+
+                            OcCredentials creds = new OcCredentials();
+                            creds.setCredList(credList);
+
+                            CborEncoder root = creds.parseToCbor();
+                            if (OCMain.doPost()) {
+                                Timber.d("Sent POST request to /oic/sec/cred");
+                            } else {
+                                String error = "Could not send POST request to /oic/sec/cred";
+                                Timber.e(error);
+                                emitter.onError(new Exception(error));
+                            }
+                        } else {
+                            String error = "Could not init POST request to /oic/sec/cred";
+                            Timber.e(error);
+                            emitter.onError(new Exception(error));
+                        }
+
+                        OCEndpointUtil.freeEndpoint(ep);
+                    }));
+    }
+
     public Completable provisionRoleCertificate(String endpoint, String deviceId, String roleCert, String roleId, String roleAuthority) {
         return Completable.create(emitter -> {
             OCEndpoint ep = OCEndpointUtil.newEndpoint();
@@ -302,4 +347,25 @@ public Completable deleteCredential(String endpoint, String deviceId, long credI
             OCEndpointUtil.freeEndpoint(ep);
         });
     }
+
+    public Completable addTrustAnchor(String pemCert) {
+        return Completable.create(emitter -> {
+            if (OCPki.addTrustAnchor(0 /* First device */, pemCert.getBytes()) == -1) {
+                emitter.onError(new Exception("Add trust anchor error"));
+            }
+
+            if (OCPki.addMfgTrustAnchor(0 /* First device */, pemCert.getBytes()) == -1) {
+                emitter.onError(new Exception("Add manufacturer trust anchor error"));
+            }
+
+            emitter.onComplete();
+        });
+    }
+
+    public Completable removeTrustAnchor(long device, long credid) {
+        return Completable.create(emitter -> {
+            OCPki.removeCredentialByCredid(device, (int)credid);
+            emitter.onComplete();
+        });
+    }
 }
diff --git a/otgc/src/main/java/org/openconnectivity/otgc/data/repository/IORepository.java b/otgc/src/main/java/org/openconnectivity/otgc/data/repository/IORepository.java
@@ -24,13 +24,17 @@
 
 import android.content.Context;
 
+import com.upokecenter.cbor.CBORObject;
+
+import org.openconnectivity.otgc.utils.constant.OtgcConstant;
 import org.spongycastle.asn1.pkcs.PrivateKeyInfo;
 import org.spongycastle.jce.provider.BouncyCastleProvider;
 import org.spongycastle.openssl.PEMKeyPair;
 import org.spongycastle.openssl.PEMParser;
 import org.spongycastle.openssl.jcajce.JcaPEMKeyConverter;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -130,6 +134,23 @@ public Single<X509Certificate> getAssetAsX509Certificate(String fileName) {
         });
     }
 
+    public Single<X509Certificate> getFileAsX509Certificate(String path) {
+        return Single.create(emitter -> {
+            try (InputStream inputStream = new FileInputStream(path)) {
+                Security.addProvider(new BouncyCastleProvider());
+                CertificateFactory factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+                X509Certificate caCert = (X509Certificate) factory.generateCertificate(inputStream);
+                emitter.onSuccess(caCert);
+            } catch (FileNotFoundException e) {
+                Timber.e("File not found: %s", e.getMessage());
+                emitter.onError(e);
+            } catch (IOException e) {
+                Timber.e("%s file storage failed", path);
+                emitter.onError(e);
+            }
+        });
+    }
+
     public Single<byte[]> getBytesFromFile(String path) {
         return Single.fromCallable(() -> {
             byte[] fileBytes;
@@ -142,4 +163,15 @@ public Single<byte[]> getBytesFromFile(String path) {
             return fileBytes;
         });
     }
+
+    public Single<CBORObject> getAssetSvrAsCbor(String resource, long device) {
+        return Single.create(emitter -> {
+            try (FileInputStream stream = new FileInputStream(mContext.getFilesDir() +
+                                                    File.separator + OtgcConstant.OTGC_CREDS_DIR +
+                                                    File.separator + resource + "_" + device)) {
+                CBORObject cbor = CBORObject.Read(stream);
+                emitter.onSuccess(cbor);
+            }
+        });
+    }
 }
diff --git a/otgc/src/main/java/org/openconnectivity/otgc/data/repository/IotivityRepository.java b/otgc/src/main/java/org/openconnectivity/otgc/data/repository/IotivityRepository.java
@@ -56,7 +56,12 @@
 import org.openconnectivity.otgc.utils.constant.OcfResourceUri;
 import org.openconnectivity.otgc.utils.constant.OtgcConstant;
 
+import java.io.BufferedInputStream;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -120,7 +125,19 @@ public Completable initOICStack() {
                 Timber.e("Failed to setup Storage Config.");
             }
 
-            OCIntrospection.setIntrospectionFile(0 /* First device */, filesDir + OtgcConstant.INTROSPECTION_CBOR_FILE);
+            File introspectionFile = new File(filesDir + OtgcConstant.INTROSPECTION_CBOR_FILE);
+            int size = (int) introspectionFile.length();
+            byte[] introspectionData = new byte[size];
+            try {
+                BufferedInputStream buf = new BufferedInputStream(new FileInputStream(introspectionFile));
+                buf.read(introspectionData, 0, introspectionData.length);
+                buf.close();
+            } catch (FileNotFoundException e) {
+                emitter.onError(e);
+            } catch (IOException e) {
+                emitter.onError(e);
+            }
+            OCIntrospection.setIntrospectionData(0 /* First device */, introspectionData);
 
             int ret = OCMain.mainInit(new OCMainInitHandler() {
                 @Override

diff --git a/...in/java/org/openconnectivity/otgc/domain/model/resource/secure/cred/OcCredPublicData.java b/...in/java/org/openconnectivity/otgc/domain/model/resource/secure/cred/OcCredPublicData.java
@@ -22,6 +22,8 @@
 
 package org.openconnectivity.otgc.domain.model.resource.secure.cred;
 
+import com.upokecenter.cbor.CBORObject;
+
 import org.iotivity.CborEncoder;
 import org.iotivity.OCRep;
 import org.iotivity.OCRepresentation;
@@ -62,6 +64,28 @@ public void setDerData(byte[] derData) {
         this.derData = derData;
     }
 
+    public void parseCbor(CBORObject cbor) {
+        /* encoding */
+        CBORObject encodingObj = cbor.get(OcfResourceAttributeKey.ENCODING_KEY);
+        if (encodingObj != null) {
+            String encoding = encodingObj.AsString();
+            this.setEncoding(OcfEncoding.valueToEnum(encoding));
+        }
+        /* data */
+        CBORObject dataObj = cbor.get(OcfResourceAttributeKey.DATA_KEY);
+        if (dataObj != null) {
+            if (encodingObj.AsString().equals(OcfEncoding.OC_ENCODING_DER.getValue())) {
+                /* data DER format */
+                byte[] dataDer = dataObj.GetByteString();
+                this.setDerData(dataDer);
+            } else if (encodingObj.AsString().equals(OcfEncoding.OC_ENCODING_PEM.getValue())) {
+                /* data PEM format */
+                String dataPem = dataObj.AsString();
+                this.setPemData(dataPem);
+            }
+        }
+    }
+
     public void parseOCRepresentation(OCRepresentation rep) {
         /* data DER format */
         byte[] dataDer = OCRep.getByteString(rep, OcfResourceAttributeKey.DATA_KEY);